In the context of information systems, intrusion refers to any unauthorized access to, or malicious use of, information resources. The increasing use of remote access and web-based commerce has increased the need for convenient, cost-effective, yet strong authentication models. There are many dimensions to the types of intrusion that can take place in an information system. These include the target of an attack (such as Windows-based systems), the vulnerabilities and exploits that the attack uses, the payload an attack may include (such as a virus that installs a Trojan horse), and attacks that impersonate others. One such type of intruder is the masquerader, who uses the authentication of other users or servers to obtain the corresponding privileges, whether for password attacks or for information-gathering attacks. Examples of the information sought include social security numbers, account information obtained after the user is linked to a counterfeit bank website, credit card details, debit card details, details provided on e-commerce websites, and the like.
Phishing is an example of a social engineering attack that poses a security threat, and deception is a key component of such attacks. Typically, phishers impersonate known and trusted financial institutions and organizations to obtain a user's personal account information, access to network connections, and the like. Many technological solutions have been proposed to prevent and reduce phishing attempts, each with certain claimed advantages and shortcomings. Some of the proposed solutions include dedicated hardware solutions, one-time passwords, server-side certificates, graphical indications of security level (e.g., displaying a padlock icon if the website displayed in the Internet browser is secure), client-side browser extensions (e.g., checking for typical signs of phishing, such as suspicious website URLs and the syntax of presented website pages), and blacklists (e.g., lists of phishing websites maintained locally on a client or remotely on a server).
Given enough time for attempts, it is relatively easy for unauthorized intruders to crack a static password. Unlike a static password, a one-time password changes each time the user logs in, with the password being generated either by time-synchronized or counter-synchronized methods that typically require the user to carry a small piece of hardware. While this is a strong authentication model, its drawback is that a one-time password intercepted by an attacker can be passed through and used to log in within milliseconds, making even the 30-60 second validity period of time-synchronous tokens irrelevant.
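The relay problem described above can be made concrete with the following example, which is added here and is not part of the original specification. It implements a counter-synchronized generator (RFC 4226 HOTP) and a time-synchronized generator (RFC 6238 TOTP), a server-side verifier that accepts each time step only once, and a simulation from the verifier's point of view: a code forwarded within the same 30-second step is accepted, the same code presented a second time is rejected, and a code forwarded two minutes later is rejected. The seed is the public RFC test-vector seed (a constructed choice for demonstration), and the TotpVerifier class, the relay_outcome and replay_outcome functions, and the 30-second step with one step of tolerated clock skew are assumptions of this example rather than anything the specification defines.

```python
import hashlib
import hmac
import struct


# Constructed demo seed: the shared-secret test vector from RFC 4226 / RFC 6238
# (ASCII "12345678901234567890"). It is public and used here only for illustration.
DEMO_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-synchronized OTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian
    counter, dynamic truncation, then reduction to the requested number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized OTP (RFC 6238): HOTP over the current time step."""
    return hotp(secret, int(unix_time) // step, digits)


class TotpVerifier:
    """Server-side verifier (assumed design). Accepts the current step plus `skew`
    steps either side to tolerate clock drift, and never accepts a time step at or
    before the last one that succeeded, so a code cannot be replayed later."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.secret = secret
        self.step = step
        self.skew = skew
        self.digits = digits
        self.last_accepted_step = -1

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // self.step
        for t in range(current - self.skew, current + self.skew + 1):
            if t <= self.last_accepted_step:
                continue  # already consumed (or older): a replay is rejected
            if hmac.compare_digest(hotp(self.secret, t, self.digits), code):
                self.last_accepted_step = t
                return True
        return False


def relay_outcome(generated_at: float, presented_at: float) -> bool:
    """Simulate the pass-through described in the text, seen from the real site:
    the user produces a fresh code at `generated_at`, a proxy forwards it at
    `presented_at`. Returns whether the real site accepts it."""
    verifier = TotpVerifier(DEMO_SEED)
    code = totp(DEMO_SEED, generated_at)
    return verifier.verify(code, presented_at)


def replay_outcome(generated_at: float) -> tuple:
    """The same code presented twice at the same instant: first use accepted,
    second use rejected because the time step has been consumed."""
    verifier = TotpVerifier(DEMO_SEED)
    code = totp(DEMO_SEED, generated_at)
    return verifier.verify(code, generated_at), verifier.verify(code, generated_at)


if __name__ == "__main__":
    t0 = 1111111109  # RFC 6238 test time; the 6-digit code for this step is 081804
    print("code at t0:", totp(DEMO_SEED, t0))
    print("forwarded 50 ms later, accepted:", relay_outcome(t0, t0 + 0.05))
    print("forwarded 2 min later, accepted:", relay_outcome(t0, t0 + 120))
    print("same code twice (first, second):", replay_outcome(t0))
```

The one-time consumption in the verifier closes the replay case but, as the text states, not the real-time pass-through case: from the server's perspective a code forwarded within the same time step is indistinguishable from one typed by the legitimate user, which is why the defence has to bind the authentication to the session or channel rather than rely on the code's short lifetime alone.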
In the anti-phishing technique using browser cookies, a website places a browser cookie on the user's computer after the user answers secret questions. Because of frequent roaming and cookie deletion, users become accustomed to answering secret questions, so a man-in-the-middle can trick the user into answering the secret questions at the phisher's site and then use those answers to log in to the real website. In the anti-phishing technique of IP geo-location, a website associates the user's account with the geographic location of the user's IP address; a man-in-the-middle proxy server can be routed through a botnet computer located in the same geographic region or ISP as the user's computer. The use of a virtual keyboard as a means to prevent phishing has the drawback that the user's sensitive information is still stolen after it is entered through the virtual keyboard. Technological solutions to combat phishing have also been proposed through the use of personal trusted devices.
Several prior methods have been developed along the lines described above. However, these security measures remain vulnerable to man-in-the-middle (MitM) attacks, and mitigating such attacks requires some level of user involvement in the process. The present invention is particularly designed to prevent man-in-the-middle attacks.